Securing the Skies
Navigating Cloud Security Challenges and Beyond
26th July 2023
PRAVEEN NAIR
Program Director, Adfolks LLC
Application Architecture & Program Management
Contact me: https://linktr.ee/ninethsense
Typical Web Application
[Five architecture diagram slides; the figures are not reproduced in this text.]
Introduction to Cloud & Cloud Security
• Cloud
  • Deployment models: Private Cloud, Public Cloud, Hybrid Cloud, Multi Cloud
  • Service models: IaaS, PaaS, SaaS
  • Region / sector specific clouds such as Azure Government or G42
• CSP / Cloud Service Providers
  • Infrastructure and platform providers: AWS, Azure, GCP, Alibaba Cloud
  • SaaS providers: Dropbox, Adobe Creative Cloud, Salesforce
Security is a myth
• 2021: T-Mobile data breach.
  • T-Mobile disclosed a breach exposing the personal information of roughly 50 million current, former and prospective customers, including names, dates of birth, Social Security numbers and driver's license numbers.
• 2019: Capital One data breach.
  • A misconfigured web application firewall in front of AWS-hosted infrastructure let an attacker obtain credentials and pull data on about 106 million customers and applicants, including names, addresses, credit scores and limits, about 140,000 Social Security numbers and about 80,000 linked bank account numbers.
• 2022: Twitter data exposure.
  • An API flaw let attackers link email addresses and phone numbers to about 5.4 million accounts; the resulting data set was later offered for sale.
• 2021: Facebook data leak.
  • A data set scraped through a contact-import weakness, covering about 533 million users' phone numbers, names and other profile details, was posted publicly.
• 2021: Microsoft Exchange Server (ProxyLogon) attacks.
  • Zero-day flaws in on-premises Exchange Server (not Exchange Online) were exploited to read mailboxes and plant web shells; an estimated 30,000 US organizations were compromised before patches were widely applied.
• …
Security is a myth
• July 2023: Chinese state actor reads U.S. government email via Microsoft cloud.
  • Microsoft disclosed that the actor it tracks as Storm-0558 used a stolen Microsoft account (MSA) consumer signing key to forge authentication tokens and, helped by a token-validation flaw, read Exchange Online mailboxes at about 25 organizations, among them the U.S. Department of State and Department of Commerce. No customer misconfiguration was involved: the failure was in the provider's identity layer, which every tenant implicitly trusts.
• July 2023: More victims emerge from the MOVEit attacks.
  • The Cl0p group exploited a SQL injection zero-day (CVE-2023-34362) in the MOVEit Transfer file-transfer application to steal data from hundreds of organizations, many of them hit indirectly through third-party processors. Reported victims include the University of California, Berkeley, the University of Maryland, and the University of Michigan.
• July 2023: Apple patches actively exploited zero-days.
  • Apple released fixes for WebKit and kernel flaws that were being exploited in the wild to execute arbitrary code on iPhones and iPads, the foothold needed to steal data or install spyware.
• July 2023: Razer investigates alleged data breach.
  • The gaming hardware company Razer is investigating a claim that customer data from its online store and customer support website was exposed.
• July 2023: Microsoft denies purported data breach.
  • Microsoft rejected a claim by the Anonymous Sudan group to have stolen credentials for some 30 million Microsoft accounts, stating that its investigation found no evidence of customer data being accessed.
A chain is only as strong as its weakest link
• Security is a shared responsibility between the CSP and you: the provider secures the cloud (facilities, hardware, hypervisor, managed services), you secure what you put in it (identities, configuration, data, application code).
• Social engineering targets the people who hold the credentials, not the platform.
• Cloud infrastructure is strong, but what use is it if the application is weak?
Threat landscape & risks
1. Data Breaches
2. Misconfigurations
3. Insecure APIs
4. DDoS Attacks
5. Insider Threats
6. Account Hijacking
7. Malware and Ransomware
8. Cryptojacking
9. Man-in-the-Middle (MITM) Attacks
10. Insider Data Leakage
11. Cloud Service Provider Breaches
12. Application-specific issues >> OWASP Top 10 …
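Misconfigurations (item 2) are the most cloud-specific entry on this list: a storage bucket policy that grants access to `Principal: "*"` exposes data with no exploit required. The following is an added example, not from the original deck, of the check a cloud security posture management (CSPM) tool performs on an S3-style bucket policy. The policy document, bucket name, account ID and VPC endpoint ID are constructed, and the set of condition keys treated as "restricting" is an assumption made for illustration.

```python
"""Audit an S3-style bucket policy for public and over-broad access.

Added example, not from the original deck. The policy below is constructed
(bucket name, account ID and VPC endpoint ID are invented); the checks mirror
what a CSPM tool flags.
"""
import json
from typing import Any, Dict, List

SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {   # public read of every object: the classic leaky bucket
            "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
            "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-reports/*",
        },
        {   # wildcard action granted to a whole account
            "Sid": "TooBroad", "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
            "Action": "s3:*", "Resource": "arn:aws:s3:::example-reports/*",
        },
        {   # anonymous, but only from one VPC endpoint: acceptable
            "Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
            "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-reports/*",
            "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
        },
        {   # deny statements never widen access
            "Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*",
            "Action": "s3:*", "Resource": "arn:aws:s3:::example-reports/*",
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

# Condition keys that confine an otherwise anonymous grant to a network or
# organisation boundary. Treating exactly these as "restricting" is an assumption.
RESTRICTING_CONDITION_KEYS = {"aws:SourceVpce", "aws:SourceVpc", "aws:SourceIp",
                              "aws:PrincipalOrgID", "aws:PrincipalAccount"}


def _as_list(value: Any) -> List[Any]:
    return value if isinstance(value, list) else [value]


def is_anonymous_principal(principal: Any) -> bool:
    """'*' and {"AWS": "*"} both mean 'anyone on the internet'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for values in principal.values() for p in _as_list(values))
    return False


def has_restricting_condition(statement: Dict[str, Any]) -> bool:
    condition = statement.get("Condition", {})
    keys = {key for operator in condition.values() for key in operator}
    return bool(keys & RESTRICTING_CONDITION_KEYS)


def audit_bucket_policy(policy_json: str) -> List[Dict[str, Any]]:
    """One finding per problem in each Allow statement.

    Deny statements are skipped because they never widen access; the
    NotPrincipal / NotAction forms are not handled in this example.
    """
    findings = []
    for st in json.loads(policy_json).get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        actions = _as_list(st.get("Action", []))
        if is_anonymous_principal(st.get("Principal")) and not has_restricting_condition(st):
            findings.append({"sid": sid, "severity": "HIGH",
                             "issue": "anonymous principal with no restricting condition",
                             "actions": actions})
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append({"sid": sid, "severity": "MEDIUM",
                             "issue": "wildcard action grants more than least privilege",
                             "actions": actions})
    return findings


if __name__ == "__main__":
    for f in audit_bucket_policy(SAMPLE_POLICY):
        print(f"[{f['severity']}] {f['sid']}: {f['issue']} ({', '.join(f['actions'])})")
```

Run against the constructed policy this reports PublicRead (HIGH) and TooBroad (MEDIUM) and stays silent on the VPC-restricted grant and the Deny statement; in practice the same check should also run against bucket ACLs and the account-level Block Public Access setting, which can override a policy like this.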
Access control and Identity Management
• Authentication and authorization in the cloud
• Managed Identity (MI), Service Principal, Service Account: workload identities that keep long-lived credentials out of code and configuration
• Role-based access control (RBAC) and permissions
• Multi-factor authentication (MFA) and Single Sign-On (SSO)
• API and microservices security, throttling / rate limiting
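Authentication in the cloud ultimately rests on the relying party validating a signed token correctly. The Storm-0558 intrusion of July 2023 worked, per Microsoft's disclosure, because a token signed with a stolen consumer-account signing key was accepted for enterprise mailboxes owing to a validation flaw. The code below is an added example, not from the deck and not Microsoft's code, showing issuer-scoped key lookup beside the unscoped lookup that accepts the forged token. It uses HMAC (HS256) in place of the RSA keys a real identity provider uses so that it runs with the standard library; every issuer URL, key ID, key and claim value is constructed.

```python
"""Validate a bearer token against issuer-scoped signing keys.

Added example, not from the original deck and not Microsoft's code. HS256 stands
in for the asymmetric keys a real identity provider uses; the issuers, key IDs,
keys and claims are all constructed.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional

AUDIENCE = "api://mail.example.com"                           # constructed
CONSUMER_ISS = "https://login.example.com/consumers"          # constructed
ENTERPRISE_ISS = "https://login.example.com/tenant-42"        # constructed

# Each issuer publishes its own key set (think one JWKS document per issuer).
KEY_SETS: Dict[str, Dict[str, bytes]] = {
    CONSUMER_ISS: {"msa-key-1": b"consumer-signing-key-CONSTRUCTED"},
    ENTERPRISE_ISS: {"ent-key-7": b"enterprise-signing-key-CONSTRUCTED"},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, kid: str, key: bytes) -> str:
    """Issue an HS256 JWT. The legitimate issuer and the attacker both call this."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class TokenError(Exception):
    pass


def validate_jwt(token: str, expected_issuer: str, now: int,
                 scope_keys_to_issuer: bool = True) -> dict:
    """Return verified claims or raise TokenError.

    scope_keys_to_issuer=False reproduces the failure mode: a kid from ANY
    issuer's key set is accepted, so a consumer key can sign an enterprise token.
    """
    try:
        h_b64, c_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(c_b64))
    except (ValueError, json.JSONDecodeError) as exc:
        raise TokenError("malformed token") from exc
    if header.get("alg") != "HS256":                 # pin the algorithm; never accept 'none'
        raise TokenError("unexpected alg")
    kid = header.get("kid")
    if scope_keys_to_issuer:
        key = KEY_SETS.get(expected_issuer, {}).get(kid)
    else:
        key = next((ks[kid] for ks in KEY_SETS.values() if kid in ks), None)
    if key is None:
        raise TokenError("kid not in this issuer's key set")
    expected_sig = hmac.new(key, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s_b64)):
        raise TokenError("bad signature")
    # Only after the signature holds are the claims worth comparing.
    if claims.get("iss") != expected_issuer:
        raise TokenError("issuer mismatch")
    if claims.get("aud") != AUDIENCE:
        raise TokenError("audience mismatch")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        raise TokenError("outside validity window")
    return claims


def reject_reason(token: str, expected_issuer: str, now: int,
                  scope_keys_to_issuer: bool = True) -> Optional[str]:
    """None if the token is accepted, otherwise why it was refused."""
    try:
        validate_jwt(token, expected_issuer, now, scope_keys_to_issuer)
        return None
    except TokenError as exc:
        return str(exc)


if __name__ == "__main__":
    now = int(time.time())
    claims = {"iss": ENTERPRISE_ISS, "aud": AUDIENCE, "sub": "alice@tenant-42",
              "nbf": now - 60, "exp": now + 3600}
    legit = sign_jwt(claims, "ent-key-7", KEY_SETS[ENTERPRISE_ISS]["ent-key-7"])
    # The attacker holds the consumer key and forges a token naming the enterprise issuer.
    forged = sign_jwt(claims, "msa-key-1", KEY_SETS[CONSUMER_ISS]["msa-key-1"])
    print("legit, scoped lookup   :", reject_reason(legit, ENTERPRISE_ISS, now))
    print("forged, scoped lookup  :", reject_reason(forged, ENTERPRISE_ISS, now))
    print("forged, unscoped lookup:", reject_reason(forged, ENTERPRISE_ISS, now, False))
```

The design point is the order of operations: the relying party decides which issuer it trusts, resolves the key ID inside that issuer's key set only, verifies the signature, and only then reads issuer, audience and validity from the body. Resolving the kid across every key set the provider publishes is what turns one stolen key into access to every tenant.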
Data Security
• Encryption of data at rest and in transit
• Key management and best practices
• Secure data sharing and collaboration
• Row-Level Security (RLS), Column-Level Security (CLS)
• Managed Instance (e.g. Azure SQL Managed Instance, where the CSP patches and operates the database engine)
Keys and Certificates Store
• Azure Key Vault (keys, secrets and certificates)
• AWS KMS / GCP Cloud KMS (keys only; secrets and certificates belong in AWS Secrets Manager / ACM and GCP Secret Manager / Certificate Manager)
Application Configuration
• Azure App Configuration
• AWS AppConfig
• Configuration stores hold settings, not credentials: reference a vault secret from them rather than storing the secret itself
Network Security
• Virtual private cloud (VPC) and network segmentation
• Firewall configuration and network access control
• Intrusion detection and prevention systems (IDS/IPS)
Secure Application Development for Cloud
• Secure coding practices for cloud applications
• OWASP Top 10
• Container security and orchestration
• DevSecOps principles and continuous security monitoring
Compliance, Governance and Legal Considerations
• Cloud compliance standards (e.g., GDPR, HIPAA, PCI DSS)
• Cloud certifications and third-party audits
• Legal implications and jurisdiction challenges (data residency)
Ref: https://learn.microsoft.com/en-us/azure/compliance/
Incident Response and Cloud Forensics
• Cloud-based security information and event management (SIEM)
Monitoring & Logging
• Azure Monitor
• AWS CloudWatch
• Dynatrace
• Datadog
• Prometheus
• Thanos
• Note: Prometheus and Thanos are metrics systems and Dynatrace and Datadog are observability platforms; they are log and metric sources that feed a SIEM, not a replacement for one
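Collecting logs is only useful with detection logic on top of them. As an added example (not from the deck and not any product's rule), here are two detections of the kind a SIEM runs over an identity provider's sign-in log, applied to constructed events: a password spray (one source IP failing against many accounts) and a brute force that ends in a successful login. The JSON-lines schema and the thresholds are assumptions.

```python
"""Two sign-in detections over constructed log events (password spray, brute force).

Added example, not from the original deck and not a vendor's rule. The JSON-lines
schema (ts, user, ip, result) and the thresholds are assumptions; a real SIEM
applies the same logic to the identity provider's sign-in log.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample: one IP sprays six accounts; "carol" is brute-forced from a
# second IP and then logs in; "dave" simply mistypes a password once.
SAMPLE_LOG = """\
{"ts":"2023-07-26T09:00:01Z","user":"alice","ip":"203.0.113.10","result":"failure"}
{"ts":"2023-07-26T09:00:04Z","user":"bob","ip":"203.0.113.10","result":"failure"}
{"ts":"2023-07-26T09:00:07Z","user":"carol","ip":"203.0.113.10","result":"failure"}
{"ts":"2023-07-26T09:00:10Z","user":"dave","ip":"203.0.113.10","result":"failure"}
{"ts":"2023-07-26T09:00:13Z","user":"erin","ip":"203.0.113.10","result":"failure"}
{"ts":"2023-07-26T09:00:16Z","user":"frank","ip":"203.0.113.10","result":"failure"}
{"ts":"2023-07-26T09:05:00Z","user":"dave","ip":"192.0.2.5","result":"failure"}
{"ts":"2023-07-26T09:05:09Z","user":"dave","ip":"192.0.2.5","result":"success"}
{"ts":"2023-07-26T09:10:00Z","user":"carol","ip":"198.51.100.7","result":"failure"}
{"ts":"2023-07-26T09:10:20Z","user":"carol","ip":"198.51.100.7","result":"failure"}
{"ts":"2023-07-26T09:10:40Z","user":"carol","ip":"198.51.100.7","result":"failure"}
{"ts":"2023-07-26T09:11:00Z","user":"carol","ip":"198.51.100.7","result":"success"}
"""


def parse_events(log_text: str) -> List[Dict]:
    """Parse JSON lines and return the events sorted by timestamp."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def detect_password_spray(events: List[Dict], min_users: int = 5,
                          window: timedelta = timedelta(minutes=10)) -> List[Dict]:
    """One source IP failing against many distinct accounts inside the window."""
    failures_by_ip = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            failures_by_ip[e["ip"]].append(e)
    alerts = []
    for ip, fails in failures_by_ip.items():
        for i, first in enumerate(fails):          # slide the window over each start point
            users = {f["user"] for f in fails[i:] if f["ts"] - first["ts"] <= window}
            if len(users) >= min_users:
                alerts.append({"rule": "password_spray", "ip": ip, "users": sorted(users),
                               "first_seen": first["ts"].isoformat()})
                break                              # one alert per source IP
    return alerts


def detect_brute_force_success(events: List[Dict], min_failures: int = 3,
                               window: timedelta = timedelta(minutes=15)) -> List[Dict]:
    """A success preceded by repeated failures for the same user from the same IP."""
    recent_failures = defaultdict(list)            # (user, ip) -> failure timestamps
    alerts = []
    for e in events:
        key = (e["user"], e["ip"])
        fails = [t for t in recent_failures[key] if e["ts"] - t <= window]
        if e["result"] == "failure":
            fails.append(e["ts"])
            recent_failures[key] = fails
        elif e["result"] == "success":
            if len(fails) >= min_failures:
                alerts.append({"rule": "brute_force_then_success", "user": e["user"],
                               "ip": e["ip"], "failures": len(fails), "at": e["ts"].isoformat()})
            recent_failures[key] = []              # a success resets the counter
    return alerts


def run_detections(log_text: str) -> List[Dict]:
    events = parse_events(log_text)
    return detect_password_spray(events) + detect_brute_force_success(events)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_LOG):
        print(json.dumps(alert))
```

The spray rule keys on the source IP and counts distinct users, which is what separates a spray from a single user forgetting a password; the brute-force rule keys on (user, IP) and only fires on the success, because that is the event that needs a response (session revocation, password reset, MFA re-enrolment) rather than just a block.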
Cloud Security Best Practices
• Create and enforce security policies
• Encrypt data at rest and in motion
• Multi-factor authentication (MFA) and strong passwords
• Firewalls, IPsec and anti-malware
• Isolate cloud data backups (separate account or tenant, immutable where the platform supports it)
• Ensure data location visibility and control
• Enable logging and monitoring
• Enforce the principle of least privilege
• Keep software up to date
• Be careful about what data you store in the cloud
• Use a cloud security solution (CSPM / workload protection tooling)
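For the MFA item above, this added example (not from the deck) implements RFC 6238 time-based one-time passwords with the standard library, including the verification-side details that matter in practice: a small clock-skew window, a constant-time comparison, and refusal of a counter that was already used so that a captured code cannot be replayed. The shared secret is the test secret from RFC 6238 Appendix B; the other inputs are constructed.

```python
"""RFC 6238 TOTP: generate and verify one-time passwords (MFA second factor).

Added example, not from the original deck. Standard library only. RFC_SECRET is
the published RFC 6238 test secret; everything else is constructed.
"""
import base64
import hashlib
import hmac
import struct
import time
from typing import Tuple

RFC_SECRET = b"12345678901234567890"      # RFC 6238 Appendix B test secret


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(secret, for_time // step, digits, algo)


def verify_totp(secret: bytes, code: str, now: int, step: int = 30, digits: int = 6,
                window: int = 1, last_used_counter: int = -1) -> Tuple[bool, int]:
    """Accept a code within +/-window steps of now.

    Returns (accepted, counter_to_store). The caller persists the returned
    counter per user and passes it back as last_used_counter next time, so a
    code can never be accepted twice (replay) and time never moves backwards.
    """
    counter = now // step
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if candidate <= last_used_counter:         # already consumed: refuse replay
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), code):
            return True, candidate
    return False, last_used_counter


def secret_from_base32(text: str) -> bytes:
    """Authenticator apps carry the shared secret as base32 in the otpauth:// URI."""
    cleaned = text.strip().replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


if __name__ == "__main__":
    print(totp(RFC_SECRET, 59, digits=8))                 # RFC vector: 94287082
    print(totp(RFC_SECRET, int(time.time())))            # a live 6-digit code
    ok, used = verify_totp(RFC_SECRET, totp(RFC_SECRET, 89, digits=8), 89, digits=8)
    print(ok, verify_totp(RFC_SECRET, totp(RFC_SECRET, 89, digits=8), 95, digits=8,
                          last_used_counter=used)[0])   # True False
```

Two points a bare "enable MFA" slide hides: the shared secret is a symmetric key, so it must live in the identity provider's secret store with the same care as a password hash database, and the replay check (the stored counter) is what stops a phished code from being used a second time within the same window.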
Cloud Security Best Practices
• Security by design
• DevSecOps, CI/CD
• Systematic access control
• OWASP recommendations
• Penetration testing
• Obfuscation (raises the cost of reverse engineering; not a substitute for the controls above)
• VDI / VPNs
• Don't trust the public internet (zero trust: authenticate and authorize every request, wherever it comes from)
• Tokenization
CSP Example - Azure
• https://azure.microsoft.com/en-us/products/
Thank You
PRAVEEN NAIR
Contact me: https://linktr.ee/ninethsense


Editor's Notes

  • #9 (Introduction to Cloud & Cloud Security: hybrid connectivity) VPN tunnels or site-to-site VPNs, virtual network gateways, ExpressRoute (Azure), Direct Connect (AWS), third-party cloud exchange providers.
  • #13 (Threat landscape & risks)
    Data Breaches: Unauthorized access to sensitive data stored in the cloud, often due to weak authentication mechanisms or inadequate access controls.
    Misconfigurations: Improperly configured cloud services, storage buckets, or databases that expose sensitive information to the public internet, making it accessible to unauthorized users.
    Insecure APIs: Vulnerabilities in application programming interfaces (APIs) can allow attackers to bypass security controls and gain unauthorized access to cloud resources.
    DDoS Attacks: Distributed Denial of Service (DDoS) attacks can overwhelm cloud infrastructure, causing service disruptions and downtime.
    Insider Threats: Malicious or unintentional actions by employees or users with access to cloud resources can lead to data breaches or unauthorized data exposure.
    Account Hijacking: Unauthorized access to user accounts or administrative credentials can lead to data theft, service disruption, or unauthorized changes to cloud configurations.
    Malware and Ransomware: Malicious software can infect cloud environments, leading to data loss, encryption of files, or financial extortion through ransomware attacks.
    Cryptojacking: Unauthorized use of cloud computing resources to mine cryptocurrencies, leading to increased costs and reduced performance for the legitimate users.
    Man-in-the-Middle (MITM) Attacks: Intercepting and eavesdropping on communication between cloud services and users, potentially exposing sensitive data.
    Insider Data Leakage: Intentional or unintentional leakage of sensitive data by employees or users with authorized access to cloud resources.
    Cloud Service Provider Breaches: Security incidents or data breaches that occur on the side of the cloud service provider, potentially affecting multiple customers.
  • #19 (Secure Application Development for Cloud) Secure coding practices for cloud applications; container security and orchestration; DevSecOps principles and continuous security monitoring.
  • #20 (Compliance, Governance and Legal Considerations) Cloud compliance standards (e.g., GDPR, HIPAA, PCI DSS); cloud certifications and third-party audits; legal implications and jurisdiction challenges.
  • #21 (Incident Response and Cloud Forensics) Incident response planning for cloud environments; cloud forensics challenges and best practices; cloud-based security information and event management (SIEM). SIEM is a security solution that helps organizations detect, analyze, and respond to security threats before they harm business operations. It combines security information management (SIM) and security event management (SEM) into one security management system: it collects event log data from a range of sources, identifies activity that deviates from the norm with real-time analysis, and takes appropriate action. In short, SIEM gives organizations visibility into activity within their network so they can respond swiftly to potential cyberattacks and meet compliance requirements.